An implementation of the SecretSealer abstract interface that binds the secrets to the enclave identity on a local machine. More...
#include <sgx_local_secret_sealer.h>
Public Member Functions | |
| SgxLocalSecretSealer (const SgxLocalSecretSealer &other)=delete | |
| virtual | ~SgxLocalSecretSealer ()=default |
| SgxLocalSecretSealer & | operator= (const SgxLocalSecretSealer &other)=delete |
| SealingRootType | RootType () const override |
| Gets the sealing root type of this SecretSealer. More... | |
| std::string | RootName () const override |
| Gets the sealing root name of this SecretSealer. More... | |
| std::vector< EnclaveIdentityExpectation > | RootAcl () const override |
| Gets the sealing root ACL of this SecretSealer. More... | |
| Status | SetDefaultHeader (SealedSecretHeader *header) const override |
Generates the default sealed-secret header based on the configuration of the SecretSealer and writes it to header. More... | |
| StatusOr< size_t > | MaxMessageSize (const SealedSecretHeader &header) const override |
Gets the maximum message size (in bytes) that can be sealed according to the cipher-suite configuration recorded in header. More... | |
| StatusOr< uint64_t > | MaxSealedMessages (const SealedSecretHeader &header) const override |
Gets the maximum number of messages that can safely be sealed according to the cipher-suite configuration recorded in header. More... | |
| Status | Seal (const SealedSecretHeader &header, ByteContainerView additional_authenticated_data, ByteContainerView secret, SealedSecret *sealed_secret) override |
| Seals the input per the header specification. More... | |
| Status | Unseal (const SealedSecret &sealed_secret, CleansingVector< uint8_t > *secret) override |
Unseals the sealed_secret and writes it to secret. More... | |
 Public Member Functions inherited from asylo::SecretSealer | |
| SecretSealer ()=default | |
| virtual | ~SecretSealer ()=default |
| virtual Status | Reseal (const SealedSecret &old_sealed_secret, const SealedSecretHeader &new_header, SealedSecret *new_sealed_secret) |
| Re-seals an already sealed secret to a new header. More... | |
Static Public Member Functions | |
| static std::unique_ptr< SgxLocalSecretSealer > | CreateMrenclaveSecretSealer () |
| Creates an SgxLocalSecretSealer that seals secrets to the MRENCLAVE part of the enclave code identity. More... | |
| static std::unique_ptr< SgxLocalSecretSealer > | CreateMrsignerSecretSealer () |
| Creates an SgxLocalSecretSealer that seals secrets to the MRSIGNER part of the enclave identity. More... | |
| Static Public Member Functions inherited from asylo::SecretSealer | |
| static StatusOr< std::string > | GenerateSealerId (SealingRootType type, const std::string &name) |
| Combines the specified sealing root type and sealing root name to form a string. More... | |
Detailed Description
An implementation of the SecretSealer abstract interface that binds the secrets to the enclave identity on a local machine.
The secrets sealed by this sealer can only be unsealed on the same machine.
The SgxLocalSecretSealer can be configured to seal secrets either to MRENCLAVE or MRSIGNER. The SgxLocalSecretSealer class provides two factory methods–one that creates an SgxLocalSecretSealer configured to seal secrets to MRENCLAVE and another that creates an SgxLocalSecretSealer configured to seal secrets to MRSIGNER. In the MRENCLAVE-sealing mode, the default SealedSecretHeader generated by the sealer binds the secrets to the MRENCLAVE portion of the enclave's identity. In the MRSIGNER mode, the default SealedSecretHeader generated by the sealer binds the secrets to the MRSIGNER portion of the enclave's identity. In either mode, the sealed secret is bound to all bits of MISCSELECT, and all security-sensitive bits of ATTRIBUTES, as defined in secs_attributes.h.
Note that the SealedSecretHeader provided to the Seal() method also controls the cipher suite used for sealing the secret. The default setting of this field (as populated by SetDefaultHeader() ) is subject to change. As a result, users must not make any assumptions about the default cipher suite. If they wish to use a specific cipher suite, they must manually verify or override the cipher suite set by the SetDefaultHeader() method.
Sample usage for Seal():
Sample usage for Unseal():
It should be noted that the SgxLocalSecretSealer's configuration only affects the default header generated by the sealer. Users can override the generated default header. A sealer in either MRENCLAVE or MRSIGNER configuration can unseal secrets that are sealed by a sealer in either configuration.
Constructor & Destructor Documentation
◆ SgxLocalSecretSealer()
|
delete |
◆ ~SgxLocalSecretSealer()
|
virtualdefault |
Member Function Documentation
◆ CreateMrenclaveSecretSealer()
|
static |
Creates an SgxLocalSecretSealer that seals secrets to the MRENCLAVE part of the enclave code identity.
- Returns
- A smart pointer that owns the created sealer.
◆ CreateMrsignerSecretSealer()
|
static |
Creates an SgxLocalSecretSealer that seals secrets to the MRSIGNER part of the enclave identity.
- Returns
- A smart pointer that owns the created sealer.
◆ MaxMessageSize()
|
overridevirtual |
Gets the maximum message size (in bytes) that can be sealed according to the cipher-suite configuration recorded in header.
The user is expected to call this before calling Seal() to ensure that they have chunked their messages correctly. The maximum message sizes of supported cipher-suites are as follows:
- AES-GCM-SIV supports a maximum message size of 32 MiB
- Parameters
-
header The associated header to determine the maximum message size.
- Returns
- The maximum message size that can be encrypted based on the cipher-suite configuration in header, or a non-OK status if the
Implements asylo::SecretSealer.
◆ MaxSealedMessages()
|
overridevirtual |
Gets the maximum number of messages that can safely be sealed according to the cipher-suite configuration recorded in header.
The user is responsible for following these guidelines. The secret sealer will not check the number of secrets sealed. The maximum number of sealed messages of supported cipher-suites are as follows:
- AES-GCM-SIV can safely seal 2 ^ 48 messages
- Parameters
-
header The associated header to determine the maximum number of sealed messages.
- Returns
- The maximum number of messages that can be sealed based on the cipher-suite configuration in header, or a non-OK status if the cipher-suite configuration is not supported.
Implements asylo::SecretSealer.
◆ operator=()
|
delete |
◆ RootAcl()
|
overridevirtual |
Gets the sealing root ACL of this SecretSealer.
- Returns
- The sealing root ACL of this object.
Implements asylo::SecretSealer.
◆ RootName()
|
overridevirtual |
Gets the sealing root name of this SecretSealer.
- Returns
- The sealing root name of this class.
Implements asylo::SecretSealer.
◆ RootType()
|
overridevirtual |
Gets the sealing root type of this SecretSealer.
- Returns
- The sealing root type of this class.
Implements asylo::SecretSealer.
◆ Seal()
|
overridevirtual |
Seals the input per the header specification.
The header must have its secret_name, secret_version and secret_purpose fields populated. If any of the remaining fields in the header are populated, then they must be compatible with the underlying sealing root.
- Parameters
-
header The metadata to guide the sealing. additional_authenticated_data Unencrypted data that is bundled with the sealed secret. secret The data to encrypt and seal. [out] sealed_secret The output sealed secret.
- Returns
- A non-OK status if sealing fails.
Implements asylo::SecretSealer.
◆ SetDefaultHeader()
|
overridevirtual |
Generates the default sealed-secret header based on the configuration of the SecretSealer and writes it to header.
- Parameters
-
[out] header The destination for the default SealedSecretHeader value.
- Returns
- A non-OK status if a default cannot be set.
Implements asylo::SecretSealer.
◆ Unseal()
|
overridevirtual |
Unseals the sealed_secret and writes it to secret.
- Parameters
-
sealed_secret The input secret to unseal. [out] secret The destination for the unsealed secret.
- Returns
- A non-OK Status if unsealing fails.
Implements asylo::SecretSealer.
The documentation for this class was generated from the following file:
- asylo/identity/sealing/sgx/sgx_local_secret_sealer.h